UBUNTU-CVE-2024-37149

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVE-2024-37149 GLPI allows remote code execution through the plugin loader

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

PT-2024-5859 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to the GLPI system, which is an open-source asset and IT management software package providing ITIL Service Desk features, licenses tracking, and software auditing. An...

Croogo 3.0.2 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == Tutorial $command"; ? ...

Malicious PHP Script Infects 2,400 Websites in the Past Week

A botnet dubbed Brain Food is giving webmasters indigestion with related attacks that push bogus diet pills and IQ-boosting pills via web pages hosted on legitimate sites. So far, spammers have been successful, thanks to an effective Hypertext Preprocessor PHP script also called Brain Food that h...

How to Run a Scareware Campaign

The infection routines being used by some scareware and rogue AV gangs are much more comprehensive and far-reaching than many current analyses have shown, experts say, including some attacks that not only place a malicious script on a compromised server, but infect every single legitimate script ...

MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion

source: https://www.securityfocus.com/bid/12910/info MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability. Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able to execute the remote script it...

phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion

source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. Remote attackers could potentially exploit this issue vi...

Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion

source: https://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'emailreaderexecuteoneachpage.inc.php' script. Under some...

Cedric Email Reader 0.2/0.3 - Skin Configuration Script Remote File Inclusion

source: https://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'email.php' script. Under some circumstances, it is possible fo...